Pentagon’s tech agency reveals potential breach involving personal data

There have been multiple publicly reported breaches of Pentagon contractors in the last year.
The Pentagon (Reuters)

The agency that secures the U.S. military’s IT infrastructure across the globe says sensitive personal data, including Social Security numbers, hosted on its network may have been compromised in a breach between May and July 2019.

The Defense Information Systems Agency notified potential victims of the breach in a letter this month, saying it had tightened protocols for protecting personally identification information (PII) because of the incident.

“We take this potential data compromise very seriously,” DISA Chief Information Officer Roger Greenwell said in the letter seen by CyberScoop.

There is no evidence that compromised PII has been used maliciously, he said, adding that potential victims will have access to free credit monitoring. Personal data about U.S. government personnel and contractors could be valuable to foreign intelligence agencies and financially-motivated criminals alike.


“DISA has conducted a thorough investigation of this incident and taken appropriate measures to secure the network,” an agency spokesperson said in a statement.

There have been multiple publicly reported breaches of Pentagon contractors in the last year. Miracle Systems, which provides IT services to the U.S. Air Force and Army, had one of its internal servers breached. In a separate incident revealed in October, a travel records system at the Department of Defense was breached in an incident that reportedly affected tens of thousands of department personnel.

Reuters was first to report on the DISA security incident.

Sean Lyngaas

Written by Sean Lyngaas

Sean Lyngaas is CyberScoop’s Senior Reporter covering the Department of Homeland Security and Congress. He was previously a freelance journalist in West Africa, where he covered everything from a presidential election in Ghana to military mutinies in Ivory Coast for The New York Times. Lyngaas’ reporting also has appeared in The Washington Post, The Economist and the BBC, among other outlets. His investigation of cybersecurity issues in the nuclear sector, backed by a grant from the Pulitzer Center on Crisis Reporting, won plaudits from industrial security experts. He was previously a reporter with Federal Computer Week and, before that, with Smart Grid Today. Sean earned a B.A. in public policy from Duke University and an M.A. in International Relations from The Fletcher School of Law and Diplomacy at Tufts University.

Latest Podcasts